Claw Shell Hardened

Security checks across malware telemetry and agentic risk

Overview

This is openly a shell-command runner, but it gives an agent broad local command power with weak built-in controls.

Install only if you intentionally want an agent-accessible shell runner in your local environment. Use it in a disposable or tightly sandboxed workspace, avoid secrets in the environment, and do not rely on its blocklist as a complete safety boundary for destructive commands or outbound data transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The safety text is internally inconsistent: it says `reboot` is explicitly prohibited without confirmation, yet the surrounding examples normalize explicit-confirmation-based execution as an acceptable path. In a shell-execution skill, ambiguous policy around destructive commands can cause the agent to permit system-impacting actions after simple user confirmation, weakening the guardrail and creating a real safety boundary failure.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill accepts an arbitrary string command and sends it to a shell-backed tmux session with no enforced authorization, allowlist, or built-in confirmation step before execution. The weak `isDangerous` filter is trivial to bypass and misses many destructive or exfiltration-capable commands, so an attacker or prompt-injected agent flow could run harmful shell operations while the code path directly executes them.

VirusTotal

66/66 vendors flagged this skill as clean.